Last updated 24 November 2020

1. Information on the gathering of personal data

a) Controller

The Controller pursuant to the Malaysian Personal Data Protection Act 2010 (“PDPA”) is:

A&A Naturals Enterprise (Registration No.: 201903299487)

Registered office of the company:

13 Jalan Sri Tasik Barat 1D

63000 Cyberjaya, Selangor

Malaysia

Tel.: + 60-11-1910-0805

E-Mail: admin@aanaturals.com

Website: www.aanaturals.com

b) General

We at A&A Naturals Enterprise are committed to protecting the personal rights of anyone whose personal data is processed at by us. Your personal data (e.g. form of address, name, address, e-mail address and user conduct) will only be processed by us in line with this Privacy Policy.

The provisions below inform you about the nature, scope and purpose of gathering, processing and using personal data. This Privacy Policy only relates to our website. Should you be redirected to other pages via links set on our website, please find out there about how your data is handled.

c) When you get in touch with us by e-mail or via a contact form, in particular via our chat tool(s), the data given by you (in particular your e-mail address, name and telephone number) and any further information that you provide us with in the e-mails, will be saved by us in order to answer your questions. We delete or anonymise the data arising in this context once it is no longer necessary to save it, or limit the processing, should statutory archival obligations exist.

d) Should we resort to commissioned service providers for individual functions of our range of services and/or products or should we wish to use your data for commercial purposes, we will inform you about the respective procedures below in detail. In this context, we will also specify the criteria laid down for the period of storage.

2. Your rights

a) You have the following rights vis-à-vis us in regard to the personal data concerning you:

  • The right to information;
  • the right to correction or deletion;
  • the right to limitation of the processing;
  • the right to oppose said processing; and/or
  • the right to the data being transmittable.

b) In addition, you are entitled to complain to a data protection supervisory authority about the processing of your personal data by us.

3. Gathering of personal data when visiting our website

a) When you use our website merely to obtain information, even if you do not register or transmit information to us in any other way, we will only gather the personal data that your browser transmits to our servers. If you would like to view our website, we gather the following data, that is technically necessary for us, in order to display our website to you and ensure its stability and security:

  • IP address;
  • Date and time of the request;
  • Time zone difference in relation to Greenwich Mean Time (GMT);
  • The content of the request (specific page);
  • The access status/http status code;
  • The respective volume of data transmitted;
  • The website from which the request comes;
  • Browser;
  • Operating system and its graphic user interface; and/or
  • Language and version of the browser software.

b) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser used by you, and by means of which the organisation that places the cookie (in this case, us) receives certain information. Cookies are not able to execute any programs or transmit viruses to your computer. They serve the purpose of making the range of our online services more user-friendly and effective.

c) Use of cookies:

  • This website uses the following types of cookies, the scope and functioning of which is explained below:
  • Transient cookies are automatically deleted when you close the browser. This in particular includes session cookies. They save a so-called session ID, with which various requests of your browser can be allocated to the joint session. In this way your browser can be recognised again if you return to our website. The session cookies are deleted once you log out or close the browser.
  • Persistent cookies are automatically deleted after a predefined period of time, which may vary, depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
  • You can configure your browser setting in line with your wishes, and, for example, refuse to accept third party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.

4. Data security

We maintain up-to-date technical measures, to guarantee the data security, in particular in order to protect your personal data from any data transmission risks, as well as from third parties becoming aware of it. These are accordingly always adapted in line with the current state of the art.

5. Further functions and services of our website:

  • Beside the purely informational use of our website, we offer various services that you can make use of if you are interested. For that purpose, you generally need to specify further personal data that we use to provide the respective service and for which the data processing principles specified above apply.
  • In order to process your data, we may sometimes make use of external service providers. These are chosen carefully and instructed by us, are bound to our instructions, and are monitored regularly.
  • We may, furthermore, pass your personal data on to third parties if participation in campaigns, sweepstakes, the conclusion of contracts or similar services is offered by us in conjunction with partners. You can obtain further information on this when you enter your personal data or below in the description of our services.
  • Should our service providers or partners have their registered office in another country than Malaysia, we will inform you about the consequences of such a circumstance in the description of the services.

6. Objection to or revocation of the processing of your data

  • Should you have given consent to your data being processed, you may revoke it at any time. Such a revocation influences the admissibility of the processing of your personal data, once you have declared it to us.
  • Should we base the processing of your personal data on the weighing up of interests, you may file an objection against such processing. This is the case if the processing is in particular not necessary in order to fulfil a contract with you, which is in each case explained by us in the subsequent description of the functions. When making such an objection, we ask you to state the reasons why we are not supposed to process your personal data in the way that we have been doing. In the event of your making a substantiated objection, we will review the circumstances and will either cease processing the data or adapt it, or point out to you our mandatory reasons, worthy of protection, based on which we will continue to process your data.
  • You can, of course, object to the processing of your personal data for advertising purposes and data analysis at any time. You can inform us about your objection to your data being used for advertising purposes.

7. Newsletter

  • For subscribing to our newsletter, we use the so-called one time opt-in procedure. That means that, once you have given us your e-mail address, we send you a confirmation e-mail to the e-mail address specified, where we inform you that have subscribed to our newsletter. We store your e-mail address until such time as you unsubscribe from the newsletter. Your e-mail address is stored solely for enabling us to send you the newsletter. Whenever you register with us and confirm your registration we moreover save your IP addresses and the time, so that we are able to provide evidence of your registration and prevent any abuse of your personal data.
  • The only mandatory detail for being sent the newsletter is your e-mail address. Once you have registered, we save your e-mail address for the purpose of sending you the newsletter.
  • You may revoke your consent to being sent the newsletter at any time. You can declare your revocation by clicking on the link provided in any newsletter e-mail or unsubscribe by sending us an email to: admin@aanaturals.com. Your data specified will not be passed on to third parties.
  • We would like to point out that, when we send you the newsletter, we evaluate your usage pattern. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. With the data obtained in this way we create a user profile, so that we can customise the newsletter in line with your individual interests. When you read our newsletter, we record what links you click on in it, and, based on that, keep a note of what interests you personally. We link said data to actions carried out by you on our website. You can object to such tracking at any time, by clicking on the separate link that is provided in every e-mail, or inform us by contacting us in another way. The information will be stored for as long as you have subscribed to the newsletter. Once you unsubscribe, we store the data purely for statistical purposes, and anonymously.

8. The use of Google Analytics

  • We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies, i.e. text files which are stored on your computer and which enable an analysis of the use of the website by you. The information generated by the cookie on your use of this website is usually transferred to a server of Google in the USA and saved there. We use IP anonymisation on this website, i.e. your IP address is truncated by Google within the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a server of Google in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities, and in order to provide the website operator with further services associated with the use of the website and Internet.
  • The IP address transmitted by your browser within the scope of Google Analytics is not merged with any other data of Google.
  • You can, moreover, prevent the data generated by the cookie which relates to your use of the website (incl. your IP address) from being recorded by Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in available at the following link: google.com/dlpage/gaoptout
  • We use Google Analytics to be able to analyse the use of our website and regularly enhance it. The statistics obtained help us to enhance our website and design it in a more interesting way for you, as the user. For the exceptional cases, where personal data is transmitted to the USA.
  • Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436  Terms and conditions of use: www.google.com/analytics/terms/de.html; overview on data privacy: www.google.com/intl/de/analytics/learn/privacy.html, and the data privacy statement: www.google.de/intl/de/policies/privacy.

9. Google-Maps

  • On this website we may use the services of Google Maps. We may thereby show you interactive maps directly on the website and enable you to use the map function conveniently.
  • Through the visit to the website Google obtains the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned in Section 3 of this Privacy Policy is transmitted. This is done irrespective of whether Google provides a user account, via which you are logged in, or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be allocated to your profile at Google, you need to log out prior to activating the button. Google stores your data as a usage profile and uses it for the purpose of advertising, market research and/or designing its website in line with your requirements. Such an evaluation is in particular performed (even for non-logged in users) to provide customised advertising and to inform other users of the social network about your activities on our website. You have a right of opposition to such a user profile being created, in regard to which you need to contact Google in order to exercise said right.
  • You can obtain further information on the purpose and scope of gathering data and having it processed by the plug-in provider in the provider’s data privacy statements. There you will also receive further information on your rights and setting options to protect your privacy, in this respect: google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU/US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

10. Cookie information

Our website uses so-called session or flash cookies. Cookies are text files that are stored in the internet browser or by the internet browser in the user’s computer system. When a user visits a website, a cookie can be stored in his or her operating system. This cookie contains a characteristic string of characters that permits the browser to be uniquely identified at the next visit of this website. The use of technically required cookies serves the purpose of simplifying website use for the user. Some functions of our website cannot be provided without the use of cookies, as they require the browser to be recognized even after changing to another page. In addition, we also use so-called persistent cookies – insofar as you permit – which are used over and beyond the session (“multi-session cookies”). Especially these cookies serve to make the online service more user-friendly, effective and safe. The user data collected by means of technically required cookies will not be used to identify you.

We need cookies for the following applications:

  • Google services:
  • Google Remarketing;
  • Google Analytics functions for advertising reports;
  • Google Ads Remarketing; and/or
  • Google Ads Conversion Tracking.

The user data collected by way of technically required cookies will not be used for the creation of user profiles. The processing of personal data is required to pursue our legitimate interests. Cookies are stored in the user’s PC and sent to our page by it. You thus have full control over the use of cookies as the user, and these cookies will be deleted again when the browser is closed. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done in an automated fashion. If cookies are deactivated, you may no longer be able to use all the website’s functions.

Services provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereafter referred to as “Google”):

Google Remarketing (Google Analytics ad function remarketing)

We may use the Google Remarketing application. This application enables our adverts to be displayed in your further internet use after visiting our website. This is done by way of cookies that are stored in your browser and help Google track and evaluate your user behaviour when visiting various websites. Google is thus able to discover your previous visit of our website. These cookies can be stored for up to 24 months. According to the information provided by Google, the data collected in the remarketing will not be merged with any personal data of yours possibly stored by Google. In particular, a pseudonymization is used in the remarketing, according to Google.

You can prevent your inclusion in this tracking process in various ways: a) by the corresponding settings of your browser software, with the suppression of third-party cookies especially preventing the display of advertising from third-party providers; b) by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-related ads from providers included in the “About Ads” self-regulation campaign, by way of the link http://www.aboutads.info/choices, thus providing a setting that will be deleted when you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser at the link http://www.google.com/settings/ads/plugin, e) by way of the corresponding cookie settings. We need to point out that you may not be able to make full use of all this offer’s functions in this case.

Further information on data protection at Google is available here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can also visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Google Analytics functions for advertising reports

In addition to the standard functions, we also use the expanded functions of Google Analytics on this website. The Google Analytics advertising functions implemented in this website include: reports on impressions in the Google display network; Google Analytics reports on the performance in relation to demographic features and interests; integrated services for which data are collected in Google Analytics for advertising purposes, including the collection of data via cookies for ad preferences and anonymous identifiers.

To this end and besides the data collected by way of the Google Analytics analysis tool, further data are also collected by way of Google cookies for ad preferences and anonymous identifiers for visits. These cookies can be stored for up to 26 months. We use this information to improve our online services.

You can prevent the use of Google Analytics ad functions in various ways: a) by setting your browser software accordingly; via the Google ad settings at https://www.google.com/ads/preferences/?hl=de; c) by means of the corresponding cookie settings, or d) by deactivation on the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. We need to point out that you may not be able to make full use of all this offer’s functions in this case.

Google Ads Remarketing

We may use the remarketing function within the Google Ads service. The remarketing function helps us present users of our website with ads based on their interests on other websites included in the Google ad network (in the Google search or on YouTube, so-called “Google ads” or on other webpages). This involves an analysis of the users’ interactions on our website, e.g. concerning which offers interested them, in order to be also able to display targeted ads to users based on their interests on other websites after visiting ours. To do this, Google stores a number in the browsers of users visiting specific Google services or websites in the Google display network. This number is referred to as a “cookie”, stored in your browser for up to one month, and used to register the visits of these users. The number only serves to uniquely identify a web browser of a specific device and not the identification of a person, with no personal data being stored.

You can prevent your inclusion in this tracking process in various ways: a) by the corresponding settings of your browser software, with the suppression of third-party cookies especially preventing the display of advertising from third-party providers; b) by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-related ads from providers included in the “About Ads” self-regulation campaign, by way of the link http://www.aboutads.info/choices, thus providing a setting that will be deleted when you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser at the link http://www.google.com/settings/ads/plugin, e) by way of the corresponding cookie settings. We need to point out that you may not be able to make full use of all this offer’s functions in this case.

Further information on data protection at Google is available here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can also visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

We rely on the Google Ads Conversion service to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Ads). We are able to measure the success of individual advertising measures in relation to the data of the advertising campaigns. This serves our interest in displaying adverts to you which are of interest to you, in making our website more interesting for you, and ensuring fair billing of advertising costs.

These advertising media are delivered by Google by way of so-called “ad servers”, for which we use ad server cookies enabling specific success parameters such as the display of advertising or user clicks to be measured. If you are referred to our website by a Google ad, Google Ads will store a cookie in your device. These cookies will lose their validity after 30 days as a rule and are not meant to serve your personal identification. The analysis values stored for this cookie usually include the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user does not wish to be addressed any longer).

These cookies enable Google to recognize your internet browser. If a user visits specific pages in the website of an Ads client before the cookie stored in his or her computer has expired, Google and the client will both be able to recognize that this user has clicked the ad and was referred to this page. Every Ads client is allocated a different cookie. Cookies can thus not be tracked via the websites of Ads clients. We do not collect or process any personal data in the mentioned advertising measures ourselves, but are merely provided with statistical evaluations by Google. These evaluations help us discover which of the applied advertising measures are particularly effective. We are not being provided with any further data from the use of advertising media, and are especially unable to identify users with the help of this information.

Based on the marketing tools used, your browser will automatically establish a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google by means of these tools, and are therefore informing you in keeping with our state of knowledge: The integration of Ads Conversion provides Google with the information that you have visited the respective part of our internet presentation or clicked an ad of ours. If you are registered with a Google service, Google will be able to relate the visit to your account. Even if you are not registered with Google and/or have not logged in, the provider may possibly still gain knowledge of your IP address and store it.

Further information on data protection at Google is available here: http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can also visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

11. Use of social media plug-ins

  • We may use the following social media plug-ins: Facebook, Instagram and Twitter. In that respect, we may use the so-called two-click solution. That means that if you visit our website, no personal data will be passed on the provider of the plug-in initially. You can recognise the provider of the plug-in via the marking on the box, going by its initial letter, or by the logo. We give you the opportunity to communicate directly with the provider via the button. Only if you click on the field marked and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online services. In addition, the data specified in Section 3 of this Privacy Policy is transmitted. In the case of Facebook, as per details given by the respective providers in Malaysia the IP address is anonymised immediately once the data is gathered. That means that, through the plug-in being activated, personal data of yours is transmitted to the respective plug-in provider and stored there (in the case of US-based providers, in the United States). The plug-in provider in particular undertakes the gathering of data using cookies.
  • We neither have any control over the data gathered or the data processing procedures nor are we are aware of the full extent of the data gathered, the purposes of the processing or the storage periods. We also have no information about the deletion of the data gathered by the plug-in provider.
  • The plug-in provider stores the data gathered about you as a usage profile and uses it for the purpose of advertising, market research and/or designing its website in line with user requirements. Such an evaluation is in particular performed (also for non-logged in users) to display customised advertising and to inform other users of the social network about your activities on our website. You have a right to object to such a user profile being created, in regard to which you need to contact the respective plug-in provider in order to exercise said right. Via the plug-ins we give you the opportunity to interact with the social networks and other users, so that we can improve our website and design it in a more interesting way for you as a user.
  • Data is passed on irrespective of whether or not you have an account with the plug-in provider or are logged in there. If you are logged in with the plug-in provider, your data gathered by us will be directly assigned to your account kept with the plug-in provider. If you press the activated button and link the page, for example, the plug-in provider also stores this information in your user account and notifies your contacts about it publicly. We recommend you to regularly log out after using a social network, in particular, however, prior to activating the button, as in this way you can avoid any of your user activities being assigned to your profile kept with the plug-in provider.
  • You can obtain further information on the purpose and scope of gathering data and having it processed by the plug-in provider from these providers’ data privacy statements specified below. There you will also receive further information on your rights and setting options to protect your private sphere, in this respect.
  • Addresses of the respective plug-in providers and URLs containing their data privacy policies:
  • Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other, as well as www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.
  • Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; google.com/policies/privacy/partners/. Google has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.
  • Social media plug-in of Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA; instagram.com/519522125107875
  • Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; com/privacy. Twitter has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.

12. Integration of YouTube videos

  • We may include YouTube videos in our online services, and these are stored at youtube.com and can be played back directly from our website. They are all included in “extended data privacy mode”, i.e. no data is transmitted to YouTube via you as a user if you do not play back the videos. Only if you play back the videos is the data referred to under
  • We have no control over such data transmission. b) Through the visit to the website YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in Section 3 of this Privacy Policy is transmitted. This is done irrespective of whether YouTube provides a user account, via which you are logged in, or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be allocated to your profile at YouTube, you need to log out prior to activating the button. YouTube stores your data as a usage profile and uses it for the purposes of advertising, market research and/or designing its website in line with your requirements. Such an evaluation is in particular undertaken (even for non-logged in users) to provide customised advertising and to inform other users of the social network about your activities on our website. You have a right of opposition to such a user profile being created. You need to contact YouTube in order to exercise said right.
  • You can find further information on the purpose and scope of data being gathered and the processing of it by YouTube in the data privacy statement. There you can also find further information on your rights and setting options to protect your privacy: google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.

13. Information on data processing with respect to the Facebook page

Information on data processing with respect to the Facebook page:http://www.fb.com/aa.naturals

Our Facebook page serves to enable communication with our fans, end consumers and customers and to highlight news items, products, campaigns and such like. Please note that in this respect user data may be processed outside of Malaysia. However, Facebook is subject to the terms of the EU-US Privacy Shield and guarantees compliance with the data protection standards of the PDPA. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Our Facebook page, including the processing of personal user data, reflects the company’s justified interest in contemporary and supportive opportunities for information and interaction for and with our customers, fans and friends. The processing of data on this Facebook page is subject to an Agreement on the Joint Processing of Personal Data with Facebook. Processing of Personal Data by Facebook The operator of a Facebook page is responsible together with Facebook for the processing of personal user data. We are aware that Facebook processes user data for the following reasons: Advertising (analysis, compilation of customised adverts), Preparation of user profiles, Market research. As a rule, the data are processed to satisfy the requirements of market research and advertising. From the usage pattern and the user’s interests thereby traced, it is possible to generate user profiles. The user profiles can then, for example, serve to place advertisements in and outside Facebook that can be assumed to reflect the interests of the user. To this end, cookies are stored on the user computers in which the usage pattern and user interests are saved. Furthermore, irrespective of the user’s hardware, it is also possible to save data in the user profiles (in particular if the user is a Facebook member and is actually logged in). The following data privacy statement gives information about the data processing carried out by Facebook: www.facebook.com/about/privacy/ . Facebook also provides options for the user to object to advertisements (so-called opt out). These can be set under the following link: www.facebook.com/settings. Via the so-called “insights” from the Facebook page, statistical data of various categories can be called up by us. These statistics are generated and provided by Facebook. We, as site operators, have no influence on the generation and display of these statistics. We are not able to deactivate this function or prevent data being generated and processed. Requests for information and enquiries on the assertion of user rights can be addressed the most effectively to Facebook directly. Only Facebook has access to the user data and can take the necessary measures and provide information. If you no longer wish your data to be processed in future as described here, then you may cancel your user profile’s link to our page by using the functions “I don’t like this page any more” and/or “Cancel subscription to this page”.